Document copyright 2013 Mark Minasi; please see below for info on subscribing, unsubscribing or copying portions of this text.
Hi all —
Last issue, I examined exactly what CHKDSK /F does (and has done since Windows 2000), and in particular what's going on with the automatic CHKDSK that we sometimes see at boot time. Seeing that "I'm going to run CHKDSK" countdown presents server admins with a terrible choice. On the one hand, if we allow CHKDSK to do its scanning and fixing of a disk suspected to have troubles then we may avoid a catastrophic loss of data, which is great. At the same time, however, that scan may take hours and hours... hours wherein that vital server is offline. This month, I've got some good news on that front, at least for people running Windows 8 or Server 2012. CHKDSK still must run at boot time to address a class of disk problems -- no change there -- but when it must fix the disk, the fix will usually just take a minute or two, rather than hours. I think you'll find that some good news and I'll explain it in this newsletter but first, a word from our sponsor...
CHKDSK 2012: Fear CHKDSK No More
So let's review: for many years, Windows has reacted to disk behavior that seems to presage serious data errors by telling CHKDSK, "start up in pre-boot time and give such-and-such drive a thorough scan and repair." On the next boot, Windows halts the boot process early on and tells CHKDSK to do that scan and fix. Even simply scanning a drive of common modern large drive takes a lot of time even on a drive without problems, leading to the "but I can't take that server offline for several housr!" problem.
2012's time-saving solution is, in retrospect, painfully obvious:
Want more detail? Here's the story of CHKDSK 2012.
Phase One: Regular Scans, $Corrupt and $Verify
CHKDSK in the latest versions of Windows has a new option, "/scan." It looks like
chkdsk c: /scan
You needn't probably ever run it, however, as Server 2012 and Windows 8 already have a prebuilt regular task called "ProActiveScan" that runs chkdsk /scan at least once a day. You can get some information on that job by typing get-scheduledtask proactivescan | select *, but you won't see much -- it's some sort of prebuilt task whose internal structure is opaque to all of the Task Scheduler admin tools that I know of.
Chkdsk /scan does several things. First, as its name suggests, it touches all of your disk, examining clusters and data structures to find problems early. Second, chkdsk /scan will fix any minor errors that it can, right on the fly. If you want /scan to run as non-invasively as is possible, add the option "/forceofflinefix" to keep /scan from doing even these small fixes. /Scan runs in low priority, but if for some reason you want it to steal a bit more CPU and run in higher priority, add the option /perf, as in
chkdsk e: /scan /perf /forceofflinefix
When chkdsk /scan comes across a serious this-needs-a-dismount-to-fix sort of problem, it notes the location of the problem in one of two new files, $corrupt and $verify. $corrupt contains the locations of definite problems, and $verify contains the locations of possible problems -- ones that will be easier to test and perhaps fix in an offline CHKDSK session. As you'd guess, whenever CHKDSK /scan runs and must put anything in the $verify and/or $corrupt files, then it also schedules an offline CHKDSK session. You can find out if CHKDSK has scheduled an offline session with the same chkntfs tool that I discussed in the previous newsletter. You can also see the current state of $verify and $corrupt with some fsutil commands:
Phase Two: Fix, but Quickly
When called to do a pre-boot disk fixing session, CHKDSK knows not to scan and just to fix with the $corrupt and $verify info because it's called with a new option, /spotfix, as in
chkdsk c: /spotfix
That takes the volume in question offline, handles the fixes and terminates.
What was the long part of the story becomes quite short in 8/2012. You may recall that pre-2012 versions of Windows showed a 30 second countdown before running CHKDSK. In 2012, that timeout wait goes to one second for Windows 8 and 10 seconds for Server 2012, so if for some reason you want to bump it back up to where it was before, open an elevated command prompt and type
As ten seconds is kind of quick, you might miss the pre-boot CHKDSK session altogether. You can see what CHKDSK has been up to by searching the System event log for error, critical or warning events from source "Ntfs (Microsoft-Windows-Ntfs)." You can do that by creating a filter in the Event Viewer like so:
Now, that's all of the NTFS errors. You can refine that further by right-clicking on your new custom view, choose "Find" and you can then enter some text to search. Type in "chkdsk" and you'll get just the NTFS errors that name CHKDSK.
All in all, this "kindler, gentler CHKDSK" has to be one of Windows 8 and Server 2012's best "quiet" new features.
To Subscribe, Read Old Newsletters, Send Me a Comment or Change Your Email Address
To subscribe: (which just means I'll send you about a three-tweet-sized message in plain text via email including a link to my latest newsletter), please visit http://www.minasi.com/nwsreg.htm.
To change e-mail or other info, drop me a line (haven't figured out a secure method yet).
To read old newsletters: visit http://www.minasi.com/nwstoc.htm and, if you like 'em, please consider subscribing.
To send me a comment: I'm at firstname.lastname@example.org.
All contents copyright 2013 Mark Minasi. I encourage you to quote this material, so long as you include this entire document. Thanks very much for reading, and see you next time.